tgstation-server/_authorization_helper_8cs_source.html

using System;

using System.Collections.Generic;

using System.Linq;

using System.Text;

using System.Threading.Tasks;


using HotChocolate;


using Microsoft.AspNetCore.Authorization;


using Tgstation.Server.Host.Security;


namespace Tgstation.Server.Host.GraphQL

{


    static class AuthorizationHelper

    {


        public static GraphQLException ForbiddenGraphQLException(this AuthorizationFailure authorizationFailure)

        {

            ArgumentNullException.ThrowIfNull(authorizationFailure);


            var messageBuilder = new StringBuilder("The current user is not authorized to access this resource.");


            foreach (var failureReason in authorizationFailure.FailureReasons)

            {

                messageBuilder.AppendLine();

                messageBuilder.Append("\t- ");

                messageBuilder.Append(failureReason.Message);

            }


            return new(ErrorBuilder.New()

                .SetMessage(messageBuilder.ToString()) // Copied from graphql-platform: AuthorizeMiddleware.cs

                .SetCode(ErrorCodes.Authentication.NotAuthorized)

                .Build());

        }


        public static async ValueTask CheckGraphQLAuthorized(

            this Security.IAuthorizationService authorizationService,

            IEnumerable<IAuthorizationRequirement>? authorizationRequirements,

            long? instanceId,

            bool excludeUserSessionValidRequirement = false)

        {

            ArgumentNullException.ThrowIfNull(authorizationService);

            ArgumentNullException.ThrowIfNull(authorizationRequirements);


            if (!excludeUserSessionValidRequirement)

                authorizationRequirements = UserSessionValidRequirement.InstanceAsEnumerable.Concat(authorizationRequirements);


            var result = await authorizationService.AuthorizeAsync(authorizationRequirements, instanceId);

            if (!result.Succeeded)

                throw result.Failure.ForbiddenGraphQLException();

        }


    }


}


Tgstation.Server.Host.GraphQL.AuthorizationHelper
Helper for authorization functionality related to GraphQL.
Definition AuthorizationHelper.cs:19

Tgstation.Server.Host.GraphQL.AuthorizationHelper.ForbiddenGraphQLException
static GraphQLException ForbiddenGraphQLException(this AuthorizationFailure authorizationFailure)
Create a new GraphQLException to be thrown when a forbidden error occurs.
Definition AuthorizationHelper.cs:25

Tgstation.Server.Host.GraphQL.AuthorizationHelper.CheckGraphQLAuthorized
static async ValueTask CheckGraphQLAuthorized(this Security.IAuthorizationService authorizationService, IEnumerable< IAuthorizationRequirement >? authorizationRequirements, long? instanceId, bool excludeUserSessionValidRequirement=false)
Evaluate a given set of authorizationRequirements , throwing the approriate GraphQLException on failu...
Definition AuthorizationHelper.cs:52

Tgstation.Server.Host.Security.UserSessionValidRequirement
IAuthorizationRequirement for testing if a user is enabled and their session is valid.
Definition UserSessionValidRequirement.cs:11

Tgstation.Server.Host.Security.UserSessionValidRequirement.InstanceAsEnumerable
static IEnumerable< UserSessionValidRequirement > InstanceAsEnumerable
The singleton instance of this class.
Definition UserSessionValidRequirement.cs:15

Tgstation.Server.Host.GraphQL
Definition AuthorizationHelper.cs:14

Tgstation.Server.Host.Security
Definition AuthenticationContext.cs:8